package com.wyx.jdbc.PrepareStatement_;

import java.io.FileReader;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Properties;
import java.util.Scanner;

/**
 * @author 王艺锡
 * @version 1.0
 */
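@SuppressWarnings({"all"})
public class PrepareStatement_ {
    /**
     * Console demo of a login check that uses a {@link PreparedStatement}.
     *
     * <p>Reads an administrator name and password from standard input, loads the
     * JDBC settings ({@code user}, {@code password}, {@code url}, {@code driver})
     * from {@code src\mysql.properties}, and runs a parameterized {@code SELECT}
     * against the {@code admin} table. Both user-supplied values are bound to
     * {@code ?} placeholders, so they are sent to the database as data and never
     * become part of the SQL text. This is what prevents SQL injection here.
     *
     * <p>Security notes for anyone adapting this demo:
     * <ul>
     *   <li>The query compares the typed password directly with the {@code pwd}
     *       column, which suggests passwords are stored as entered. A real system
     *       should store a salted password hash (bcrypt/scrypt/argon2) and verify
     *       it in the application.</li>
     *   <li>The password is read with {@link Scanner}, so it is echoed to the
     *       terminal and kept in an immutable {@code String}.</li>
     *   <li>The properties file holds database credentials in clear text. Keep it
     *       out of version control and restrict its file permissions.</li>
     * </ul>
     *
     * @param args unused
     * @throws Exception if the properties file cannot be read, the driver class
     *                   cannot be loaded, or any JDBC call fails
     */
    public static void main(String[] args) throws Exception {
        // Deliberately not closed: closing the Scanner would also close System.in.
        Scanner scanner = new Scanner(System.in);

        System.out.print("请输入管理员名称:");
        String admin_name = scanner.nextLine();
        System.out.print("请输入密码:");
        String admin_pwd = scanner.nextLine();

        // Load the connection settings. The reader is closed even if load() throws.
        // NOTE(review): the path uses a Windows separator and is relative to the
        // working directory, so it will not resolve on other platforms.
        Properties properties = new Properties();
        try (FileReader reader = new FileReader("src\\mysql.properties")) {
            properties.load(reader);
        }
        String user = properties.getProperty("user");
        String password = properties.getProperty("password");
        String url = properties.getProperty("url");
        String driver = properties.getProperty("driver");

        // Load the JDBC driver class named in the properties file.
        Class.forName(driver);

        // Each '?' is a placeholder. The values are bound below, never concatenated
        // into the statement text.
        String sql = "select name,pwd from admin where name = ? and pwd = ?";

        // try-with-resources closes the ResultSet, the statement and the connection
        // in that order, including when a JDBC call throws part-way through.
        try (Connection connection = DriverManager.getConnection(url, user, password);
             PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
            // Bind the placeholders (indexes are 1-based).
            preparedStatement.setString(1, admin_name);
            preparedStatement.setString(2, admin_pwd);

            // executeQuery() runs a SELECT; executeUpdate() would be used for DML.
            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                // Any returned row means a record matched both name and password.
                if (resultSet.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        }
    }
}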
